Creating a VPN with ssh 4.3: Difference between revisions

From RVM Wiki
Latest revision as of 10:55, 3 January 2023

Using a tun/tap for a bridge

  • It is decidedly faster than openvpn.
  • Make sure that both hosts have the following in their sshd configuration:
sudoedit /etc/ssh/sshd_config
# ...
PermitTunnel yes
PermitRootLogin yes
#
sudo systemctl restart sshd
  • If you want to make a bridge:
ssh -o "PermitLocalCommand=yes" \
    -o "LocalCommand=brctl addif vmbr1 tap0 && ifconfig tap0 up" \
    -o Tunnel=ethernet \
    -w 0:0 \
    -t root@myremote \
    "brctl addif vmbr1 tap0 && ifconfig tap0 up"

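As an added check that is not part of the original page, the following script verifies that a given sshd_config permits what the commands above rely on: PermitTunnel must allow the tunnel mode in use (ethernet for the bridge above, point-to-point for a plain ssh -w), and root must be allowed to log in. It also points out that PermitRootLogin prohibit-password, which allows root only with key authentication, is enough for root@myremote; the function names and the file path are the example's own.

```shell
#!/bin/sh
# Added example, not from the original page: check an sshd_config for the two
# settings the tunnel setup above needs before trying to bring a tun/tap up.
# sshd keeps the FIRST value it reads for a keyword and treats keywords
# case-insensitively; directives after a "Match" line apply only to matching
# connections, and "Include"d files are not followed here. Feed it the output
# of "sshd -T" (effective settings, one "keyword value" per line) to avoid
# both limitations.

# first_value FILE KEYWORD: the effective value of KEYWORD, empty if unset
first_value() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ { next }                 # comment line
    /^[[:space:]]*$/ { next }                 # blank line
    tolower($1) == "match" { exit }           # rest of file is conditional
    tolower($1) == key { print tolower($2); exit }
  ' "$1"
}

# tunnel_allowed FILE MODE: true if PermitTunnel permits MODE
# (MODE is point-to-point for "ssh -w", ethernet for "-o Tunnel=ethernet")
tunnel_allowed() {
  v=$(first_value "$1" PermitTunnel)
  [ "$v" = yes ] || [ "$v" = "$2" ]           # default when unset: no
}

# root_login_mode FILE: PermitRootLogin value; unset means the OpenSSH default
root_login_mode() {
  v=$(first_value "$1" PermitRootLogin)
  printf '%s\n' "${v:-prohibit-password}"    # default since OpenSSH 7.0
}

# audit FILE MODE: print findings, return non-zero if the tunnel cannot work
audit() {
  if tunnel_allowed "$1" "$2"; then
    echo "PermitTunnel: allows $2 tunnels"
  else
    echo "PermitTunnel: '$(first_value "$1" PermitTunnel)' does not allow $2 tunnels"
    return 1
  fi
  m=$(root_login_mode "$1")
  case "$m" in
    yes) echo "PermitRootLogin yes: works; prohibit-password (key auth only) is enough" ;;
    prohibit-password|without-password) echo "PermitRootLogin $m: key-only root login, sufficient" ;;
    *) echo "PermitRootLogin $m: the root login used above is refused"; return 1 ;;
  esac
}

if [ $# -eq 2 ]; then audit "$1" "$2"; fi    # usage: sh audit.sh /etc/ssh/sshd_config ethernet
```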
References

SSH Features: Bridging two networks (/dev/pboehm): https://blog.pboehm.org/blog/2016/12/07/ssh-features-bridging-two-networks/


Using sshuttle

You can use:

apt-get install sshuttle
sshuttle -r root@server.example.com 0/0

References

sshuttle/sshuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling. https://github.com/sshuttle/sshuttle

Using a script

The following script will let you start a full-featured VPN using SSH and tun:

#!/bin/sh
HOST=your.web.server
TUN_LOCAL=0
TUN_REMOTE=1
IP_LOCAL=192.168.2.2
IP_REMOTE=192.168.2.1
IP_MASK=24
PRIVATE_NETWORK=10.0.0.0/8
PRIVATE_DOMAIN="your.private.domain private.domain"
PRIVATE_NAMESERVER=192.168.2.1
PRIVATE_LOCAL=10.0.1.2

echo "Starting VPN tunnel ..."
modprobe tun
# Open the tunnel (-w local:remote) and configure the server side in the same
# ssh session; -f puts ssh in the background once the remote command has started.
ssh -w ${TUN_LOCAL}:${TUN_REMOTE} -f ${HOST} "\
	ip addr add ${IP_REMOTE}/${IP_MASK} dev tun${TUN_REMOTE} \
	&& ip link set tun${TUN_REMOTE} up \
	&& iptables -t nat -I POSTROUTING -s ${IP_LOCAL} -j SNAT --to ${PRIVATE_LOCAL} \
	&& iptables -t nat -I PREROUTING -d ${PRIVATE_LOCAL} -j DNAT --to ${IP_LOCAL} \
	&& iptables -I INPUT -i tun${TUN_REMOTE} -j ACCEPT \
	&& iptables -I FORWARD -i tun${TUN_REMOTE} -j ACCEPT \
	&& iptables -t nat -I PREROUTING -i tun${TUN_REMOTE} -j ACCEPT \
	&& true"
# Give the remote side time to come up before configuring the local tun.
sleep 3
ip addr add ${IP_LOCAL}/${IP_MASK} dev tun${TUN_LOCAL}
ip link set tun${TUN_LOCAL} up
ip route add ${PRIVATE_NETWORK} dev tun${TUN_LOCAL}
# Overwrites /etc/resolv.conf without keeping a copy (see the TODO below).
echo "search ${PRIVATE_DOMAIN}
nameserver ${PRIVATE_NAMESERVER}
" >/etc/resolv.conf
echo "... done."


  • The following configuration can be set at the beginning of the script:

Item                Description
HOST                Hostname of the remote SSH server (either an IP address or a DNS name).
TUN_LOCAL           Number of the local tun interface. You cannot use 'any'.
TUN_REMOTE          Number of the remote tun interface. You cannot use 'any'.
IP_LOCAL            IP address of the local tun interface.
IP_REMOTE           IP address of the server's tun interface.
IP_MASK             IP address mask (prefix length) of the tun interfaces.
PRIVATE_NETWORK     Network specification (any of its IP addresses plus mask) of the private network.
PRIVATE_DOMAIN      Space-delimited list of domain names of the private network (if any).
PRIVATE_NAMESERVER  Nameserver in the private network.
PRIVATE_LOCAL       IP address this computer uses in the private network (so that it can be reached from the private network).
  • TODO: Convert to an init.d script (i.e. create a stop script), detect failures, and on close clear the server's iptables rules and restore the local /etc/resolv.conf.
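The stop script the TODO asks for, as an added example that is not part of the original page or of the gentoo-wiki script. It assumes the same variable values as the start script, that /etc/resolv.conf was copied to /etc/resolv.conf.vpn-backup (an assumed path) before the start script overwrote it, and that the ssh session was started exactly as above so that pkill can find it.

```shell
#!/bin/sh
# Added example, not part of the original page or of the gentoo-wiki script:
# the stop script the TODO asks for. Killing the ssh session alone removes
# tun${TUN_REMOTE} on the server and tun${TUN_LOCAL} with its route locally
# (non-persistent tun devices), but leaves the server's iptables rules and
# the overwritten local /etc/resolv.conf behind; this script handles those.
# Assumptions: the same variable values as the start script, and that
# "cp /etc/resolv.conf /etc/resolv.conf.vpn-backup" was run before starting
# (the start script does not do this). Without VPN_APPLY=1 it is a dry run.
HOST=your.web.server
TUN_LOCAL=0
TUN_REMOTE=1
IP_LOCAL=192.168.2.2
PRIVATE_LOCAL=10.0.1.2
RESOLV_BACKUP=/etc/resolv.conf.vpn-backup   # assumed path, see above

# Commands to run on the server. Each rule is deleted with exactly the
# specification it was inserted with (-I becomes -D): iptables matches the
# rule text, so any difference leaves the rule in place. Reverse insertion order.
remote_cleanup() {
  cat <<EOF
iptables -t nat -D PREROUTING -i tun${TUN_REMOTE} -j ACCEPT
iptables -D FORWARD -i tun${TUN_REMOTE} -j ACCEPT
iptables -D INPUT -i tun${TUN_REMOTE} -j ACCEPT
iptables -t nat -D PREROUTING -d ${PRIVATE_LOCAL} -j DNAT --to ${IP_LOCAL}
iptables -t nat -D POSTROUTING -s ${IP_LOCAL} -j SNAT --to ${PRIVATE_LOCAL}
EOF
}

# Commands to run locally once the tunnel session is gone.
local_cleanup() {
  if [ -f "${RESOLV_BACKUP}" ]; then
    echo "cp ${RESOLV_BACKUP} /etc/resolv.conf && rm ${RESOLV_BACKUP}"
  else
    echo "echo 'no ${RESOLV_BACKUP}; restore /etc/resolv.conf by hand' >&2"
  fi
}

if [ "${VPN_APPLY:-0}" = 1 ]; then
  remote_cleanup | ssh "${HOST}" sh       # clean the server while the tunnel is still up
  pkill -f "ssh -w ${TUN_LOCAL}:${TUN_REMOTE} -f ${HOST}"   # ends the session, drops both tuns
  local_cleanup | sh
else
  echo "# dry run (set VPN_APPLY=1 to execute); on ${HOST}:"; remote_cleanup
  echo "# locally:"; local_cleanup
fi
```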

References

http://gentoo-wiki.com/HOWTO_VPN_over_SSH_and_tun